CVE-2009-4607

Overland Storage Snap Server 410 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4607. PoCs published by trompele.

AI-analyzed exploit summary This exploit leverages the 'less' pager in Snap Server 410's GuardianOS 5.1.041 to escalate privileges from uid=1 (admin) to uid=0 (root) by executing '/bin/sh' via the '!' command in 'less'. It is a straightforward local privilege escalation technique.

Description

The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the "less" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the "!" character within less to access a privileged shell.

Exploits (1)

exploitdb WORKING POC VERIFIED
by trompele · textlocalhardware
https://www.exploit-db.com/exploits/9955

This exploit leverages the 'less' pager in Snap Server 410's GuardianOS 5.1.041 to escalate privileges from uid=1 (admin) to uid=0 (root) by executing '/bin/sh' via the '!' command in 'less'. It is a straightforward local privilege escalation technique.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Snap Server 410 GuardianOS 5.1.041
Auth required
Prerequisites: SSH access as admin (uid=1) · Access to the 'less' command
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53881
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36739
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507318/100/0/threaded

Scores

EPSS 0.0032
EPSS Percentile 54.7%

Details

CWE
CWE-264
Status published
Products (2)
overlandstorage/guardianos 5.1.041
overlandstorage/snap_server_410
Published Jan 13, 2010
Tracked Since Feb 18, 2026